For a long time, we have a problem on our CI (TFW project) with tests using Date (HTTP) header etc. The main problem - system time synchronization between VMs. At some moment, the system time stopped syncing. After a few checks I found the problem in xfw - it blocks requests to syncing. See tcpdump.zip.
To reproduce:
- Connect to our
vm.web server and connect to any VM. For example: ssh dev-test (you should use dev-test or dev-remote)
- Check
System clock synchronized using timedatectl status - you must see System clock synchronized: no if the xfw is enabled. Otherwise - System clock synchronized: yes
- Disable\enable
xfw on the main server (vm.web) using xfwctl --start or xfwctl --stop
- Restart chrony and check on
dev-test using systemctl restart chrony and chronyc sources -v
Block sync (xfw enabled)
^? prod-ntp-4.ntp4.ps5.cano> 0 8 0 - +0ns[ +0ns] +/- 0ns
^? prod-ntp-3.ntp1.ps5.cano> 0 8 0 - +0ns[ +0ns] +/- 0ns
^? prod-ntp-3.ntp1.ps5.cano> 0 8 0 - +0ns[ +0ns] +/- 0ns
^? prod-ntp-5.ntp4.ps5.cano> 0 8 0 - +0ns[ +0ns] +/- 0ns
^? prod-ntp-5.ntp1.ps5.cano> 0 8 0 - +0ns[ +0ns] +/- 0ns
^? alphyn.canonical.com 0 8 0 - +0ns[ +0ns] +/- 0ns
^? prod-ntp-4.ntp4.ps5.cano> 0 8 0 - +0ns[ +0ns] +/- 0ns
^? tick.srs1.ntfo.org 0 8 0 - +0ns[ +0ns] +/- 0ns
^? white.web-ster.com 0 8 0 - +0ns[ +0ns] +/- 0ns
^? 66-175-211-68.ip.linodeu> 0 8 0 - +0ns[ +0ns] +/- 0ns
^? static.36.62.78.5.client> 0 8 0 - +0ns[ +0ns] +/- 0ns
^? 2607:f710:35::29c:0:2 0 8 0 - +0ns[ +0ns] +/- 0ns
^? 2a01:7e03::f03c:94ff:fe2> 0 8 0 - +0ns[ +0ns] +/- 0ns
^? ntp-1.jonlight.com 0 8 0 - +0ns[ +0ns] +/- 0ns
^? time5.sigi.net 0 8 0 - +0ns[ +0ns] +/- 0ns
Allow sync (xfw disabled)
^- alphyn.canonical.com 2 6 7 1 +673us[ +464us] +/- 42ms
^- prod-ntp-3.ntp1.ps5.cano> 2 6 7 2 +380us[ +171us] +/- 54ms
^- prod-ntp-5.ntp4.ps5.cano> 2 6 17 0 +30us[ +30us] +/- 53ms
^- prod-ntp-4.ntp4.ps5.cano> 2 6 7 2 +568us[ +359us] +/- 54ms
^- static.12.94.161.5.clien> 3 6 17 0 +422us[ +422us] +/- 23ms
^* time.cloudflare.com 3 6 17 1 +140us[ -114us] +/- 11ms
^? dns-e.ns4v.icu 0 6 0 - +0ns[ +0ns] +/- 0ns
^? 2600:1f13:2c1:2e00::be00> 0 6 0 - +0ns[ +0ns] +/- 0ns
^? us1-ipv6.cracky-chan.com 0 6 0 - +0ns[ +0ns] +/- 0ns
^? 2610:148:1f02:8200:1011:> 0 6 0 - +0ns[ +0ns] +/- 0ns
For a long time, we have a problem on our CI (TFW project) with tests using Date (HTTP) header etc. The main problem - system time synchronization between VMs. At some moment, the system time stopped syncing. After a few checks I found the problem in xfw - it blocks requests to syncing. See tcpdump.zip.
To reproduce:
vm.webserver and connect to any VM. For example:ssh dev-test(you should usedev-testordev-remote)System clock synchronizedusingtimedatectl status- you must seeSystem clock synchronized: noif thexfwis enabled. Otherwise -System clock synchronized: yesxfwon the main server (vm.web) usingxfwctl --startorxfwctl --stopdev-testusingsystemctl restart chronyandchronyc sources -vBlock sync (xfw enabled)
Allow sync (xfw disabled)